Covers Tasks 3 and 4. The explanation of the SQL UPDATE statement injection attack is unclear.
Pay attention to the line numbers of the SQL statements in unsafe_home.php and unsafe_edit_backend.php in the editor. Notice that:
1. The SQL SELECT statement in unsafe_home.php spans three lines.
2. The SQL UPDATE statement in unsafe_edit_backend.php is wrapped across three lines on screen, but the line numbers show that it occupies only ONE line, i.e. 'where ID=$id' falls inside the comment when # is injected in the nickname.
THE ERROR IN THE DEMO: Alice's name leaked into everyone's nickname. When changing Alice's salary, the demo injection is "Alice',salary=100000 #". No WHERE clause takes effect, since the original 'where ID=$id' is inside the comment, i.e. there is NO condition. So everyone's nickname is changed to Alice and everyone's salary to 100000. The correct injection in the nickname textbox could be:
', salary=10000 where name='Alice' #
https://github.com/ufidon/its450/tree/master/labs/lab12
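As an added illustration (not code from the lab or the demo), the Python below models MySQL's rule that `#` outside a quoted string comments out only the rest of its own line, and applies both nickname inputs above to a one-line and a three-line UPDATE. The `credential` table name, the `email` column and the template layout are assumptions, and backslash escapes are not modelled.

```python
# Added example: shows which part of the UPDATE survives a '#' comment.
# Table name, email column and statement layout are assumed, not from the lab files.

def strip_hash_comments(sql: str) -> str:
    """Drop MySQL '#' comments (to end of line), honouring single quotes."""
    kept_lines = []
    in_quote = False              # a string literal may continue across lines
    for line in sql.split("\n"):
        kept = []
        for ch in line:
            if ch == "'":
                in_quote = not in_quote   # '' inside a string toggles twice
            elif ch == "#" and not in_quote:
                break                     # rest of THIS line is a comment
            kept.append(ch)
        text = "".join(kept).strip()
        if text:
            kept_lines.append(text)
    return " ".join(kept_lines)

# The same statement written on one physical line and on three.
ONE_LINE = "UPDATE credential SET nickname='{nick}', email='{email}' WHERE ID={uid}"
THREE_LINES = (
    "UPDATE credential SET\n"
    "  nickname='{nick}', email='{email}'\n"
    "  WHERE ID={uid}"
)

DEMO_INPUT = "Alice',salary=100000 #"                    # input used in the demo
SCOPED_INPUT = "', salary=10000 where name='Alice' #"    # input suggested above

def effective_sql(template: str, nick: str) -> str:
    """Build the query by string substitution, then apply comment rules."""
    raw = template.format(nick=nick, email="a@example.com", uid=1)
    return strip_hash_comments(raw)

if __name__ == "__main__":
    for label, tpl, nick in [
        ("one line, demo input   ", ONE_LINE, DEMO_INPUT),
        ("three lines, demo input", THREE_LINES, DEMO_INPUT),
        ("one line, scoped input ", ONE_LINE, SCOPED_INPUT),
    ]:
        print(label, "->", effective_sql(tpl, nick))
```

With a prepared statement the nickname is bound as data rather than parsed as SQL, so neither input changes the statement regardless of line layout.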